SAINT Corporation
SAINT:4BB898B0D02C359CF89CC71AFE3C911F
Jun 06, 2019 - 12:00 a.m.

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

2019-06-06 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.953 High
Percentile: 99.3%

Added: 06/06/2019
CVE: CVE-2019-9621

Background

Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises.

Problem

The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and Server Side Request Forgery.

Resolution

Upgrade to Zimbra Collaboration Suite 8.7.11 Patch 11, 8.8.9 Patch 10, 8.8.10 Patch 8, 8.8.11 Patch 4, or 8.8.12 Patch 1 or higher.

References

<https://bugzilla.zimbra.com/show_bug.cgi?id=109127>
<https://wiki.zimbra.com/wiki/Security_Center>
